General
-
Target
8ZSZQ_random.exe
-
Size
1.8MB
-
Sample
250215-v7s4wavqer
-
MD5
411303148c2c132ec3b30a97c1936cf9
-
SHA1
9693f9e29924d1bbb1bf87f10707c74d1df7e996
-
SHA256
dc9c553a3ff7574b1007f70a911f10ca22590a7661dfb84a25c5009d1b564fbb
-
SHA512
f27dce51cbed73bb3f1b8fb977d3168f5778bab24b4c762f16333adfb9d93ce1b476a3277d994ee429781919385846c68c618c5d72b38ca6a7bc82f9c658dbdd
-
SSDEEP
24576:5oplyMtRrcEVZQuiws76pon4/JaaT2cEMeUkt2BgHTczSS/yyvX6em4yWgw:5opPR5ZQuiws76p/iSiAllyyvdm4I
Malware Config
Targets
-
-
Target
8ZSZQ_random.exe
-
Size
1.8MB
-
MD5
411303148c2c132ec3b30a97c1936cf9
-
SHA1
9693f9e29924d1bbb1bf87f10707c74d1df7e996
-
SHA256
dc9c553a3ff7574b1007f70a911f10ca22590a7661dfb84a25c5009d1b564fbb
-
SHA512
f27dce51cbed73bb3f1b8fb977d3168f5778bab24b4c762f16333adfb9d93ce1b476a3277d994ee429781919385846c68c618c5d72b38ca6a7bc82f9c658dbdd
-
SSDEEP
24576:5oplyMtRrcEVZQuiws76pon4/JaaT2cEMeUkt2BgHTczSS/yyvX6em4yWgw:5opPR5ZQuiws76p/iSiAllyyvdm4I
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2